Page MenuHomePhabricator
Create Task
Maniphest T383146

Toolforge UI: Investigate integration of Striker functionality
Open, HighPublic
Actions

Description

Background

Striker (the software that runs Toolsadmin) handles the OAuth processes required to enable the creation and management of Toolforge user accounts. Implementing those complex flows on a new Toolforge UI web platform would be non-trivial. We must develop a long-term strategy to make available these and the rest of the scoped Toolforge UI features conveniently to users.

Goals

The Toolforge UI team should conduct an investigation to reveal the advantages and disadvantages of the following potential approaches:

On the architectural side:

  1. Keep striker in production and extend it's functionality: Striker could remain deployed in prod as it currently is, instead of moving it to the Toolforge Kubernetes cluster.
  2. Split striker in two, an "old version" with limited functionality running in production handling the prod-related flows, and a "new version" running in the Toolforge Kubernetes cluster handling the rest of the UI flows, forcing users to navigate between both when needed. The assumption (which could be validated with users once the flow is clearer) is that this solution could negatively impact the flow of tool owners.
  3. Split striker in two, an API with limited functionality running in production handling the prod-related flows (ex. striker-api), and a UI running in the Toolforge Kubernetes cluster handling all the UI flows (so users don't have to jump between sites, ex. striker-ui).

On the design side, if we decide to split striker:

  1. Reuse the current stack for the Toolforge Kubernetes cluster side of the split
  2. Start a new codebase for the Toolforge Kubernetes cluster side of the split (probably makes sense only in case that the UI flows are very different from what's currently implemented)

This last investigation should estimate the flexibility of the existing codebase and the feasibility of using modern front-end frameworks (Vue.js) with it. (See previous exploration for reference: T380114: Striker should use Codex, available on https://toolsadmin-toolsbeta.wikimedia.org/.)

Acceptance criteria
  • We obtain enough information to support a long term decision and define any needed intermediate steps needed to integrate Striker functionality in Toolforge UI

Related Objects
Search...

Event Timeline

Sarai-WMF created this task.Jan 7 2025, 6:00 PM
bd808 subscribed.Jan 7 2025, 6:18 PM

The description given for option 1 is full of biasing statements without evidence. Many of them sound objectively incorrect to me, but I know I have bias in the opposite direction as the person who designed, implemented, and maintained Striker from 2016-2023.

taavi subscribed.Jan 7 2025, 6:28 PM

Notes from previous discussion: The current implementation would present many blockers and require a lot of re-architecting to allow the development of planned features (see Requirements document). Extending Striker would also involve dealing with a production environment, and facing testing and permissions limitations. It would also prevent us from easily following the new Wikimedia front end standards (i.e., building with Vue.js)

Which discussion? Why is the referenced document private?

Also +1 to what Bryan said. I believe my work on T380114: Striker should use Codex (some of which is already live on https://toolsadmin-toolsbeta.wikimedia.org/) demonstrates that modern front-end tooling can be used with the current Striker codebase just fine.

Sarai-WMF added a comment.EditedJan 8 2025, 11:52 AM

Hey @bd808 and @taavi. Thank you both for sharing valuable information and resources regarding Striker's modernization. I'll make sure to reflect your comments in the description and remove the clear negative bias!

Please keep in mind that 1. this is an investigation task set up to gather evidence: all that's included in the description are (or should be) assumptions – I'll clarify that. 2. the task was created by a designer that doesn't have a specialized technical background and knowledge of the Striker codebase. I was just paraphrasing what was heard during a discussion, but I see how biasing and negative the statement for option 1 definitely is. 3. The task is WIP and pending to be reviewed by actual Toolforge engineers.

Thanks again!

Sarai-WMF updated the task description. (Show Details)Jan 8 2025, 1:17 PM
dcaro subscribed.Jan 8 2025, 3:36 PM
joanna_borun triaged this task as High priority.Jan 8 2025, 3:37 PM
dcaro updated the task description. (Show Details)Jan 8 2025, 6:24 PM

Reworded the choices to reflect that's two things being decided at most, not one.

dcaro updated the task description. (Show Details)Jan 8 2025, 6:28 PM
dcaro updated the task description. (Show Details)
bd808 added a comment.Jan 8 2025, 9:02 PM

Are the various "running in k8s" statements in the task description specifically about deployment to the Kubernetes cluster within Toolforge itself, or something else?

dcaro added a comment.Jan 9 2025, 11:11 AM
In T383146#10442764, @bd808 wrote:

Are the various "running in k8s" statements in the task description specifically about deployment to the Kubernetes cluster within Toolforge itself, or something else?

Yep, within toolforge itself

bd808 updated the task description. (Show Details)Jan 10 2025, 12:02 AM
bd808 added a comment.Jan 10 2025, 12:09 AM

Striker lives in the production realm today because it handles Developer account passwords and has write access to the LDAP directory and Keystone. Historically we have seen these credentials as too sensitive to allow within the Cloud VPS environment. The password auth system could be replaced with OIDC/SAML/whatever authentication from idp.wikimedia.org. The write access to LDAP is a pretty core need as Toolforge's authentication and authorization are LDAP based. It should be reasonably possible to split things into a client/server model that would put LDAP writes in a process that is deployed separately from user facing UI if there are compelling reasons to place the UI within the less-trusted Toolforge Kubernetes realm.

Sarai-WMF renamed this task from [WIP] Toolforge UI: Investigate integration of Striker functionality to Toolforge UI: Investigate integration of Striker functionality.Jan 20 2025, 12:49 PM
Novem_Linguae subscribed.Jan 20 2025, 1:26 PM
taavi updated the task description. (Show Details)Jan 20 2025, 2:08 PM
dcaro mentioned this in T144713: Add a web shell allowing people to perform actions as their tool from striker.Apr 16 2025, 2:28 PM
Sarai-WMF mentioned this in T393010: [DRAFT] Decision Request - Initial product approach to integrating Toolforge UI functionality with Toolsadmin.Apr 30 2025, 1:47 PM
JeanFred subscribed.May 4 2025, 1:17 PM
fnegri moved this task from Inbox to Epics on the cloud-services-team board.Sep 5 2025, 8:41 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits